A passive protected self-healing mesh network architecture and applications
IEEE/ACM Transactions on Networking (TON)
Principles of a computer immune system
NSPW '97 Proceedings of the 1997 workshop on New security paradigms
Model-based adaptation for self-healing systems
WOSS '02 Proceedings of the first workshop on Self-healing systems
Recovery from Malicious Transactions
IEEE Transactions on Knowledge and Data Engineering
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Communications of the ACM - Has the Internet become indispensable?
Taking a Lesson from Stealthy Rootkits
IEEE Security and Privacy
A formal framework for positive and negative detection schemes
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Visual Analysis of Program Flow Data with Data Propagation
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Component survivability at runtime for mission-critical distributed systems
The Journal of Supercomputing
| Hi-index | 0.00 |
Increasing demands for reliability and dependability clash with the reality of escalating security compromises and vulnerability discoveries. Improvements in attack methodologies such as polymorphic viruses, tampering of source code repositories, and automation of distributed strikes are no match for the untimely detection and manual recovery practices used today. We present a run-time method to automate recovery from kernel level system compromises. It is capable of returning modified system call table addresses back to their original values, terminating hidden processes, removing hidden files, and blocking attacker traffic to hidden connections. Self-healing mechanisms such as this can be employed to create more reliable intrusion tolerant operating systems and applications. A working prototype has been implemented as a loadable kernel module on Linux, and can be easily enhanced for other operating systems.